Added OIDC IAM logic for Keycloak
parent
3fd6b0a8e4
commit
7106d1cf18
@ -0,0 +1,40 @@
|
||||
#!/bin/bash
|
||||
|
||||
. CONFIG.sh
|
||||
|
||||
# set -o xtrace ## To debug scripts
|
||||
# set -o errexit ## To exit on error
|
||||
# set -o errunset ## To exit if a variable is referenced but not set
|
||||
|
||||
|
||||
function main() {
|
||||
rm -rf venv/
|
||||
|
||||
clear
|
||||
python -m venv venv/
|
||||
sleep 2
|
||||
source "./venv/bin/activate"
|
||||
|
||||
ANSR="-1"
|
||||
while [[ $ANSR != "0" ]] && [[ $ANSR != "1" ]] && [[ $ANSR != "2" ]]; do
|
||||
clear
|
||||
menu_mesage
|
||||
read -p "--> : " ANSR
|
||||
done
|
||||
case $ANSR in
|
||||
"1" ) pip install -r linux-requirements.txt;;
|
||||
"2" ) pip install -r windows-requirements.txt;;
|
||||
"0" ) exit;;
|
||||
* ) echo "Don't know how you got here but that's a bad sign...";;
|
||||
esac
|
||||
}
|
||||
|
||||
function menu_mesage() {
|
||||
echo "NOTE: Make sure to have Python 3 installed!"
|
||||
echo -e "\nWhat do you want to do?"
|
||||
echo -e "\t1) Generate Linux/Mac supported venv. (Installs Repuirements)"
|
||||
echo -e "\t2) Generate Windows supported venv. (Installs Repuirements)"
|
||||
echo -e "\t0) EXIT"
|
||||
}
|
||||
|
||||
main $@;
|
@ -1,18 +1,10 @@
|
||||
bcrypt==3.1.7
|
||||
cffi==1.14.0
|
||||
Click==7.0
|
||||
Flask==1.1.1
|
||||
Flask-Bcrypt==0.7.1
|
||||
flask-oidc==1.4.0
|
||||
Flask-Login==0.5.0
|
||||
Flask-Bcrypt==0.7.1
|
||||
Flask-SQLAlchemy==2.4.1
|
||||
Flask-WTF==0.14.3
|
||||
gunicorn==19.9.0
|
||||
itsdangerous==1.1.0
|
||||
Jinja2==2.10.3
|
||||
MarkupSafe==1.1.1
|
||||
pkg-resources==0.0.0
|
||||
pycparser==2.20
|
||||
six==1.14.0
|
||||
SQLAlchemy==1.3.11
|
||||
Werkzeug==0.16.0
|
||||
WTForms==2.2.1
|
||||
|
@ -0,0 +1,14 @@
|
||||
{
|
||||
"web": {
|
||||
"auth_uri": "http://localhost:8080/auth/realms/apps/protocol/openid-connect/auth",
|
||||
"client_id": "apps",
|
||||
"issuer": "http://localhost:8080/auth/realms/apps",
|
||||
"client_secret": "[ADD YOUR SECRET FROM THE REALM>CLIENTS>apps>Credentials Tab]",
|
||||
"redirect_uris": [
|
||||
"http://localhost:6969/"
|
||||
],
|
||||
"userinfo_uri": "http://localhost:8080/auth/realms/apps/protocol/openid-connect/userinfo",
|
||||
"token_uri": "http://localhost:8080/auth/realms/apps/protocol/openid-connect/token",
|
||||
"token_introspection_uri": "http://localhost:8080/auth/realms/apps/protocol/openid-connect/token/introspect"
|
||||
}
|
||||
}
|
@ -1,2 +1,6 @@
|
||||
from . import Routes
|
||||
from .pages import Login, Register
|
||||
from .pages import Flask_Login
|
||||
from .pages import Flask_Register
|
||||
from .pages import OIDC_Login
|
||||
from .pages import OIDC_Register
|
||||
from .pages import LoginManager
|
||||
|
@ -0,0 +1,43 @@
|
||||
# Python imports
|
||||
|
||||
# Lib imports
|
||||
from flask import redirect, url_for, flash
|
||||
|
||||
# App imports
|
||||
from core import app
|
||||
|
||||
|
||||
ROUTE = app.config['LOGIN_PATH']
|
||||
|
||||
|
||||
@app.route('/login', methods=['GET', 'POST'])
|
||||
def login():
|
||||
if ROUTE == "OIDC":
|
||||
return redirect(url_for("oidc_login"))
|
||||
if ROUTE == "FLASK_LOGIN":
|
||||
return redirect(url_for("app_login"))
|
||||
|
||||
flash("No Login Path Accessable! Please contact an Administrator!", "danger")
|
||||
return redirect(url_for("home"))
|
||||
|
||||
|
||||
@app.route('/logout')
|
||||
def logout():
|
||||
if ROUTE == "OIDC":
|
||||
return redirect(url_for("oidc_logout"))
|
||||
if ROUTE == "FLASK_LOGIN":
|
||||
return redirect(url_for("app_logout"))
|
||||
|
||||
flash("No Logout Path Accessable! Please contact an Administrator!", "danger")
|
||||
return redirect(url_for("home"))
|
||||
|
||||
|
||||
@app.route('/register', methods=['GET', 'POST'])
|
||||
def register():
|
||||
if ROUTE == "OIDC":
|
||||
return redirect(url_for("oidc_register"))
|
||||
if ROUTE == "FLASK_LOGIN":
|
||||
return redirect(url_for("app_register"))
|
||||
|
||||
flash("No Register Path Accessable! Please contact an Administrator!", "danger")
|
||||
return redirect(url_for("home"))
|
@ -0,0 +1,29 @@
|
||||
# Python imports
|
||||
|
||||
# Lib imports
|
||||
from flask import request, redirect, flash
|
||||
|
||||
|
||||
# App imports
|
||||
from ... import app, oidc
|
||||
|
||||
|
||||
TITLE = app.config['TITLE']
|
||||
|
||||
|
||||
@app.route('/oidc-login', methods=['GET', 'POST'])
|
||||
@oidc.require_login
|
||||
def oidc_login():
|
||||
return redirect("/")
|
||||
|
||||
|
||||
@app.route('/oidc-logout', methods=['GET', 'POST'])
|
||||
@oidc.require_login
|
||||
def oidc_logout():
|
||||
oidc.logout()
|
||||
flash("Logged out successfully!", "success")
|
||||
# NOTE: Need to redirect to logout on OIDC server to end session there too.
|
||||
# If not, we can hit login url again and get same token until it expires.
|
||||
return redirect( oidc.client_secrets.get('issuer')
|
||||
+ '/protocol/openid-connect/logout?redirect_uri='
|
||||
+ app.config['APP_REDIRECT_URI'])
|
@ -0,0 +1,32 @@
|
||||
# Python imports
|
||||
|
||||
# Lib imports
|
||||
from flask import request, render_template, url_for, redirect, flash
|
||||
|
||||
# App imports
|
||||
from ... import app, oidc, db # Get from __init__
|
||||
from ...utils import MessageHandler # Get simple message processor
|
||||
|
||||
|
||||
msgHandler = MessageHandler()
|
||||
TITLE = app.config['TITLE']
|
||||
|
||||
@app.route('/oidc-register', methods=['GET', 'POST'])
|
||||
def oidc_register():
|
||||
if oidc.user_loggedin:
|
||||
return redirect("/home")
|
||||
|
||||
_form = RegisterForm()
|
||||
if _form.validate_on_submit():
|
||||
# NOTE: Do a requests api here maybe??
|
||||
|
||||
# hashed_password = bcrypt.generate_password_hash(_form.password.data).decode("utf-8")
|
||||
# user = User(username=_form.username.data, password=hashed_password)
|
||||
# db.session.add(user)
|
||||
# db.session.commit()
|
||||
flash("Account created successfully!", "success")
|
||||
return redirect("/login")
|
||||
|
||||
return render_template('register.html',
|
||||
title = TITLE,
|
||||
form = _form)
|
Binary file not shown.
@ -0,0 +1,56 @@
|
||||
# Python imports
|
||||
import os, logging
|
||||
|
||||
# Application imports
|
||||
|
||||
|
||||
class Logger:
|
||||
def __init__(self):
|
||||
pass
|
||||
|
||||
def get_logger(self, loggerName = "NO_LOGGER_NAME_PASSED", createFile = True):
|
||||
"""
|
||||
Create a new logging object and return it.
|
||||
:note:
|
||||
NOSET # Don't know the actual log level of this... (defaulting or literally none?)
|
||||
Log Levels (From least to most)
|
||||
Type Value
|
||||
CRITICAL 50
|
||||
ERROR 40
|
||||
WARNING 30
|
||||
INFO 20
|
||||
DEBUG 10
|
||||
:param loggerName: Sets the name of the logger object. (Used in log lines)
|
||||
:param createFile: Whether we create a log file or just pump to terminal
|
||||
|
||||
:return: the logging object we created
|
||||
"""
|
||||
|
||||
globalLogLvl = logging.DEBUG # Keep this at highest so that handlers can filter to their desired levels
|
||||
chLogLevel = logging.CRITICAL # Prety musch the only one we change ever
|
||||
fhLogLevel = logging.DEBUG
|
||||
log = logging.getLogger(loggerName)
|
||||
log.setLevel(globalLogLvl)
|
||||
|
||||
# Set our log output styles
|
||||
fFormatter = logging.Formatter('[%(asctime)s] %(pathname)s:%(lineno)d %(levelname)s - %(message)s', '%m-%d %H:%M:%S')
|
||||
cFormatter = logging.Formatter('%(pathname)s:%(lineno)d] %(levelname)s - %(message)s')
|
||||
|
||||
ch = logging.StreamHandler()
|
||||
ch.setLevel(level=chLogLevel)
|
||||
ch.setFormatter(cFormatter)
|
||||
log.addHandler(ch)
|
||||
|
||||
if createFile:
|
||||
folder = "logs"
|
||||
file = folder + "/flask-application.log"
|
||||
|
||||
if not os.path.exists(folder):
|
||||
os.mkdir(folder)
|
||||
|
||||
fh = logging.FileHandler(file)
|
||||
fh.setLevel(level=fhLogLevel)
|
||||
fh.setFormatter(fFormatter)
|
||||
log.addHandler(fh)
|
||||
|
||||
return log
|
@ -0,0 +1,2 @@
|
||||
from .Logger import Logger
|
||||
from .MessageHandler import MessageHandler
|
@ -1,4 +1,4 @@
|
||||
from core import app
|
||||
|
||||
if __name__ == '__main__':
|
||||
app.run(debug=True)
|
||||
app.run(debug=False)
|
||||
|
@ -1,18 +1,10 @@
|
||||
bcrypt==3.1.7
|
||||
cffi==1.14.0
|
||||
Click==7.0
|
||||
Flask==1.1.1
|
||||
Flask-Bcrypt==0.7.1
|
||||
flask-oidc==1.4.0
|
||||
Flask-Login==0.5.0
|
||||
Flask-Bcrypt==0.7.1
|
||||
Flask-SQLAlchemy==2.4.1
|
||||
Flask-WTF==0.14.3
|
||||
itsdangerous==1.1.0
|
||||
Jinja2==2.10.3
|
||||
MarkupSafe==1.1.1
|
||||
pkg-resources==0.0.0
|
||||
pycparser==2.20
|
||||
six==1.14.0
|
||||
SQLAlchemy==1.3.11
|
||||
waitress==1.4.3
|
||||
SQLAlchemy==1.3.11
|
||||
Werkzeug==0.16.0
|
||||
WTForms==2.2.1
|
||||
WTForms==2.2.1
|
Loading…
Reference in New Issue